Bug 797086

Summary: error and inaccuracy in description
Product: [Fedora] Fedora Reporter: Valentin Laskov <laskov>
Component: setroubleshoot-pluginsAssignee: Daniel Walsh <dwalsh>
Status: CLOSED CURRENTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low Docs Contact:
Priority: unspecified    
Version: rawhideCC: dwalsh, jdennis, mgrepl
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-01-09 15:01:21 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Valentin Laskov 2012-02-24 08:43:31 UTC
Description of problem:
I'm translating this [1] to Bulgarian. There are mistakes in the flwng text, I think:
If httpd scripts should be allowed to write to public directories you need to turn on the $BOOLEAN boolean and change the file context of the public directory to public_content_rw_t. Read the httpd_selinux man page for further information: "setsebool -P $BOOLEAN=1; chcon -t public_content_rw_t <path>" You must also change the default file context files on the system in order to preserve them even on a full relabel. "semanage fcontext -a -t public_content_rw_t <path>"

In "...default file context files on the system in order to preserve them even on a full relabel." system must be directory and what is relabel ?


Additional info:
[1] third on the page
https://fedora.transifex.net/projects/p/setroubleshoot/resource/plugins/l/bg/view/

Comment 1 Valentin Laskov 2012-02-24 08:51:43 UTC
I learned what is relabel :)

Comment 2 Valentin Laskov 2012-02-24 11:47:58 UTC
There is a URL devided by NewLine and spaces in the 14-th:
The $SOURCE application attempted to load $TARGET_PATH which requires text relocation. This is a potential security problem. Most libraries should not need this permission. The <a href="http://people.redhat.com/drepper/selinux-mem.html"> SELinux Memory Protection Tests</a> web page explains this check. This tool examined the library and it looks like it was built correctly. So setroubleshoot can not determine if this application is compromized or not. This could be a serious issue. Your system may very well be compromised.

Contact your security administrator and report this issue.

Comment 3 Daniel Walsh 2012-02-24 19:22:14 UTC
Not sure what the problem is here?

Comment 4 Valentin Laskov 2012-02-27 07:28:04 UTC
In the first text: "You must also change the default file context files on the system ...", may be misunderstood as "the whole system" but not "in the (public) directory".
In the second text, URL is splitted on two lines and has spaces, and probably not be displayed correctly.
If you do not think so, please close this bug.

Comment 5 Daniel Walsh 2012-02-27 20:09:00 UTC
How about:

    You must also change the default file context labeling files on the system in order to preserve public directory labeling even on a full relabel.  "semanage fcontext -a -t public_content_rw_t <path>"